But don’t panic yet; whether these amendments will ever be enacted is another matter — the Parliament is not the sovereign body of Europe. Policy makers will now enter a process that insiders dub a ‘trialog’.
This three-cornered negotiation takes place between representatives of the European Parliament, officials at the European Commission and the true holders of power in Europe, the Council of Ministers representing the 28 member states. All of this has to be ratified before the Parliament dissolves for elections that take place next June.
It’s all in the balance therefore — and it will probably all go horribly wrong. But there’s still a whiff of a chance that common sense will prevail and something good will come out of this. It all depends on getting the balance right across three very different dimensions.
Infor’s CEO Charles Phillips gave a typical response when I raised the data privacy question with him in conversation on Friday:
“US people just put their data out there, especially younger people. The rest of the world isn’t there yet. If you were concerned about that, you would’ve gotten worn down long ago in the US.”
But for certain sections of the population, privacy can make the difference between safety and peril. While some people may argue that if you have nothing to hide you have nothing to worry about, others take a different perspective. Fugitives from domestic violence, those on witness protection schemes and people who have been through a gender transition all have life-changing reasons for wanting to control what data about them is out there.
That’s why many in Europe elevate data privacy to the status of a human right. This allows them to feel scandalized that the US, while respecting minimal protection for the data privacy rights of its own citizens, allows its security agencies free rein to abuse the privacy of citizens of every other country. Though their own governments often play equally fast-and-loose with privacy.
Enshrining data privacy as a universal human right would provide protection that many feel could redress the balance of power between powerful corporations and individual citizens.
Innovation vs regulation
On the other hand, should the rights of a few restrict the freedoms of everyone else? The same burdens that tie the hands of global Internet giants while they profit from our data will also restrict the ability of startups and small businesses to pioneer innovative new services based on predicting our wants and needs.
The EU’s proposed new regulations encourage the use of ‘pseudonymized’ data, recognizing the value that can be derived from analyzing aggregate data in fields such as health, accident and fraud prevention, credit rating, predictive analysis, and so on. But even here there are potentially onerous requirements to ensure that identifying data cannot be extrapolated.
Many of us may well be happy — as most Americans are — to divulge our behavior, status and preferences in order to get better targeted, more timely and accurate services from providers. But these regulations could make those services more expensive to provide and indeed less competitive than similar services delivered under more lenient data privacy regimes.
In a free market, shouldn’t individuals be able to choose the degree of privacy they wish to have? The regulations should not mandate a specific, lowest-common-denominator privacy regime that everyone has to adhere to. Instead perhaps they should simply mandate a bill of rights that ensures people understand what privacy (or lack thereof) they’re signing up to for a given service. Then they can make an informed, individual choice whether to participate or not.
EU vs the world
The final component in all this is the diplomatic, trade protectionism angle. Certain policy makers seem to think that if Europe has the most citizen-friendly data protection rules then it will attract more services into its ambit. I’m not so sure that data protection is top of the list of criteria that Internet users have when considering services. Feature sets and pricing count for a lot more.
And if Europe really cares about data privacy as a human right then it should not restrict its horizons to a single continent.
Call me an idealist if you like, but for me, the best outcome out of the current discussions would be a global rather than solely a European consensus on data privacy. Let’s find one system that not only the 28 countries of the EU but also the US, Brazil, China, Japan, Singapore, Gulf states and everyone else can get behind.
Then we’ll have a truly global playing field in which citizens will know that neither powerful corporations nor an over-zealous state will abuse or undermine their rights to data privacy.
This is not something that can be achieved as early as next June; it will take a lot longer. But it’s an important aim. The network benefits of pooling all our knowledge and connections in the cloud will only be realized if the cloud is truly global. Therefore any rules need to be universal and the only rules that can command global respect have to be sufficiently light-touch to permit continued innovation.
Rather than the beginning of the end of the EU’s search for data harmonization, I rather hope that this week’s deliberations are merely the end of the beginning of a much larger quest for global consensus on Internet rights and freedoms. Let’s hope the politicians are up to the task.
Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant since 1998. As well as documenting the transformation of 21st century enterprises by digital technology, he has a part-time voluntary role as vice-president of industry advocacy group EuroCloud.
Dear Phil. You will probably not be surprised hearing that I totally disagree. I do not believe in Adam Smith’s “invisible hand” and the free flow of capitalistic forces that will result in the best possible solution for everybody. In fact by looking at what has happened to your economies and societies whenever there are too few restrictions and regulations (e.g. financial sector) I can only see a complete imbalance of the strong, large, global and powerful ones and a lot of unfairness for the rest of the world.
Young Americans like Mr Charles Phillips said in your interview may think differently, may give away their data without even thinking about it, but it is exactly this kind of repulsive behaviour that I can’t hear anymore when he says: “The rest of the world isn’t there yet.” I pray to god, that we Europeans do not reach to everything which might be normal and standard in the US yet.
The main difference between US and EU behaviour seems to be, that most Europeans trust in their governments and the way they use and protect our personal data, because we know that they do this with extreme care. The Americans do not trust the US government (neither do we) – but it seems that they are ready to give away their personal data to companies just for a free Burger.
Yes I would call you idealistic if you think that there is any chance of a global agreement on these questions. Chinese will play their game, and the US always did. It’s time that we Europeans define the rules for playing at our continent and our personal data – and this not only in Europe but wherever in the world any of the startups you mentioned wants to play and use with our personal data for their own profit.
So to say it in a British phrase: God save the European way. Sorry for my English – but it was hard work to write these sentences :)
As individuals, we're powerless -- it's impossible to exist in modern society without a mobile phone or credit card collecting detailed data on almost every aspect of our lives. I do not trust unaccountable, unelected companies, with all the negotiating power, to make the right choices for society as a whole.
It's a great example of exactly the area that government is designed for -- to democratically and openly discuss the trade-offs and decide the right balance. I also believe it's governments' duty to protect people from poor choices in this extremely important area -- using the same logic behind making people wear helmets and seat belts.
One data privacy provision I've seen elsewhere (e.g. The Philippines' new data privacy law enacted last year: http://www.gov.ph/2012/08/15/republic-act-no-10173/) is having customers explicitly "opt in" to any new use of data, and that by default it can only be used for the purpose it is ostensibly collected.
For example, in order to bill me, a supermarket has to collect a list of what I'm purchasing -- but that doesn't necessarily mean that I accept for that data to be used for cross-marketing.
Or a telco has to track which cell tower I'm using in order to connect the call -- but that doesn't mean that I agree to let them use my location for any other purpose (you, too, NSA!).
This doesn't take away the consumer benefits -- I can opt in -- but it forces the companies to explain and justify what they're doing, which is good for society. I've seen first hand that this forces companies working on analytics and data warehousing to consider data privacy a lot more than elsewhere in order to stay in compliance.
I agree that getting the right balance is crucial. I also believe we have to recognize that the ultimate decision is a political one and therefore it will be impossible to please everyone.
For example, someone who is inclined to be libertarian in outlook will argue that people have the right to make choices that others (even the majority of society) regard as 'poor'. In the case of helmets and seat belts, individual choice is overridden not only to protect that person but also to reduce the cost to society of dealing with avoidable injury and death.
In the case of data privacy, I have a feeling that the harm to wider society is in the other direction - that more stringent individual privacy is to the detriment of wider common good from pooling of data. But at the same time I share your distrust of 'unaccountable, unelected companies' and how they might harm interests of powerless individuals if there are no legal constraints.
No matter where the balance is set, it will disappoint and perplex some of us. All in all, it's a difficult one to get right and there are no simple, easy answers.